Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
We have a site which wants to connect back to our main office from an ASA running v7.2 via two different IPSec tunnels - one on the ASA's outside interface and one on its dmz. They want to set it up so that if the tunnel on the outside interface goe...
I know that historically the Pix has not allowed packets arriving on the inside interface to be routed back out the same interface. With v7.x, though, the command "same-security-traffic permit intra-interface" apparently allows hairpinning of encryp...
Is it possible to configure multiple "snmp-server host" commands that specify different interfaces? For example,"snmp-server host inside <host1>""snmp-server host dmz1 <host2>"..."management-access inside"Would the snmp-server statement specifying t...
I'm trying to configure a multilink frame-relay interface on a 1751 router and I keep getting an error message. The router acknowledges that "int mfr" is valid syntax, but when I try to implement the command I get "invalid input detected". Details ...
I have a functioning IPSec tunnel between two pixes. One is a 525 running 6.3(4) of the code, the other is a 515E running 7.0. The tunnel comes up OK, but if it drops because of a lack of interesting traffic, the tunnel will not come back up UNLESS...
Thanks. What I also need is a link showing an example of how to set up failover between two IPSec tunnels on different interfaces using DPD. That is what I have so far been unable to locate. Does anyone have a link for that?
Where would I get the appropriate MIBs? Can they be downloaded and applied to the pix? The default MIBs do not give information on tunnel state, or any other aspect of the vpn tunnels, for that matter.Thanks.
Okay, I've removed the nat 0 and spent a couple of frustrating hours testing it. Here's what it is doing.I find that removing the nat 0 worked... sort of. It is true that now if I attempt to access the statically mapped host from the outside (a hos...
Okay, the consesus view seems to be that my nat 0 is at best faulty and at worst completely useless. I'll remove it and run some tests. I'll post the results here, probably tomorrow or Monday. The more I think about it, the more I think you are co...
